add billing project id support to firewall endpoint resource (GoogleC…

…loudPlatform#10122) * add billing project support * removed description field due to API issue * test updated and fixed for ADC support * added ADC warning * removing ADC
balanaguharsha · Mar 20, 2024 · 8f3a989 · 8f3a989
1 parent cbcabf7
commit 8f3a989
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 22 deletions.
diff --git a/mmv1/products/networksecurity/FirewallEndpoint.yaml b/mmv1/products/networksecurity/FirewallEndpoint.yaml
@@ -23,6 +23,13 @@ description: |
   A Firewall endpoint is a Cloud Firewall resource that enables
   layer 7 advanced protection capabilities, such as intrusion prevention,
   in your network.
+docs: !ruby/object:Provider::Terraform::Docs
+  warning: |
+    If you are using User ADCs (Application Default Credentials) with this resource,
+    you must specify a `billing_project` and set `user_project_override` to true
+    in the provider configuration. Otherwise the ACM API will return a 403 error.
+    Your account must have the `serviceusage.services.use` permission on the
+    `billing_project` you defined.
 references:
   !ruby/object:Api::Resource::ReferenceLinks
   api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.firewallEndpoints'
@@ -110,3 +117,8 @@ properties:
     name: 'state'
     description: The current state of the endpoint.
     output: true
+  - !ruby/object:Api::Type::String
+    name: 'billingProjectId'
+    description: |
+      Project to bill on endpoint uptime usage.
+    required: true
diff --git a/...erraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb b/...erraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb
@@ -20,6 +20,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 	acctest.SkipIfVcr(t)
 	t.Parallel()
 
+	billingProjectId := envvar.GetTestProjectFromEnv()
 	orgId := envvar.GetTestOrgFromEnv(t)
 	randomSuffix := acctest.RandString(t, 10)
 
@@ -29,7 +30,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 		CheckDestroy:             testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, randomSuffix),
+				Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, billingProjectId, randomSuffix),
 			},
 			{
 				ResourceName:            "google_network_security_firewall_endpoint.foobar",
@@ -38,7 +39,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
 			},
 			{
-				Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, randomSuffix),
+				Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, billingProjectId, randomSuffix),
 			},
 			{
 				ResourceName:            "google_network_security_firewall_endpoint.foobar",
@@ -50,34 +51,38 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 	})
 }
 
-func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, randomSuffix string) string {
+func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, billingProjectId string, randomSuffix string) string {
 	return fmt.Sprintf(`
 resource "google_network_security_firewall_endpoint" "foobar" {
-    provider = google-beta
-    name     = "tf-test-my-firewall-endpoint%s"
-    parent   = "organizations/%s"
-    location = "us-central1-a"
-
-    labels = {
-        foo = "bar"
-    }
+  provider = google-beta
+
+  name     = "tf-test-my-firewall-endpoint%[1]s"
+  parent   = "organizations/%[2]s"
+  location = "us-central1-a"
+  billing_project_id = "%[3]s"
+
+  labels = {
+    foo = "bar"
+  }
 }
-`, randomSuffix, orgId)
+`, randomSuffix, orgId, billingProjectId)
 }
 
-func testAccNetworkSecurityFirewallEndpoints_update(orgId string, randomSuffix string) string {
+func testAccNetworkSecurityFirewallEndpoints_update(orgId string, billingProjectId string, randomSuffix string) string {
 	return fmt.Sprintf(`
 resource "google_network_security_firewall_endpoint" "foobar" {
-    provider = google-beta
-    name     = "tf-test-my-firewall-endpoint%s"
-    parent   = "organizations/%s"
-    location = "us-central1-a"
-
-    labels = {
-        foo = "bar-updated"
-    }
+  provider = google-beta
+
+  name     = "tf-test-my-firewall-endpoint%[1]s"
+  parent   = "organizations/%[2]s"
+  location = "us-central1-a"
+  billing_project_id = "%[3]s"
+
+  labels = {
+    foo = "bar-updated"
+  }
 }
-`, randomSuffix, orgId)
+`, randomSuffix, orgId, billingProjectId)
 }
 
 func testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t *testing.T) func(s *terraform.State) error {